Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I configure REGEX to recognize/match on a multi-line event?

the_wolverine
Champion
‎07-16-2010 05:44 PM

I have a REGEX configured (in transforms.conf) that works with my single line events, but appears to be failing on all multi-line events. Is there a special configuration necessary to get the REGEX to work on multi-line events?

Reply

the_wolverine
Champion
‎07-16-2010 05:49 PM

Correct. The regex processor is unable to handle multi-line events without additional configuration. You'll need to tell it that the event is multi-line by using (?m) before the regular expression. For example:

REGEX = (?m)^(.*)(foobar)
Reply

the_wolverine
Champion
‎07-16-2010 08:33 PM

LOL - duly noted. I've updated the response.

0 Karma
Reply

Lowell
Super Champion
‎07-16-2010 06:52 PM

Suggested change: "The regex processor is unable to handle multi-line events" may be more accurate as: "The regex processor handles multi-line events one line at a time."

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...